FedRAMP Analyst
FedRAMP Analyst Department: Security & IT Employment Type: Full Time Location: Remote USA Compensation: $80,000 - $100,000 / year Description The FedRAMP Analyst is responsible for day-to-day execution of Clearview AI’s FedRAMP Continuous Monitoring (CONMON) program for Clearview’s federal-authorized platforms, including FedRAMP High. This role owns monthly CONMON deliverables (vulnerability tracking, POA&M updates, inventory reporting, and monthly executive reporting inputs), supports annual 3PAO assessment preparation, and maintains audit-ready evidence repositories aligned to the approved ATO package (SSP and appendices). The FedRAMP Analyst partners closely with Engineering, Security & IT, Legal, People Operations, and external compliance partners to ensure authorized systems remain compliant, secure, and ready to support active U.S. Government customer usage. This role is scoped exclusively to FedRAMP; any future DoD IL program will be staffed as a separate position and is out of scope for this role.
Key Responsibilities
Execute the monthly FedRAMP CONMON calendar and ensure timely completion of all required artifacts and submissions. Own monthly vulnerability remediation tracking: intake scan outputs, open/track remediation tickets, validate closure evidence, and ensure SLA adherence (e.g., 30/90/180-day timelines). Maintain and update the Plan of Action and Milestones (POA&M): create/update POA&M items, document milestones, track due dates, coordinate risk statements with Legal, and route for approvals. Generate and maintain monthly inventory and configuration evidence (e.g., Integrated Inventory Workbook/IIW updates, authorized software evidence, baseline/config drift support). Prepare monthly CONMON reporting packages, including Monthly Security Status Reports, CONMON Executive Summary inputs, deviation requests, and other stakeholder reports required by the Sponsoring Agency, FedRAMP PMO, or Authorizing Official. Prepare deviation and exception requests: gather technical justification, compensating control documentation, scope/impact statements, and route through required approvals. Support continuous monitoring governance activities: access review evidence, log/monitoring review evidence, and coordination of corrective actions with Engineering and Security & IT. Maintain the CONMON and ATO artifact repository in Google Drive (or designated system): version control, naming conventions, evidence indexing, and audit-ready structure. Support annual security testing activities (e.g., penetration tests, red-team exercises if applicable, IR/ISCP tabletop exercises) by tracking schedules, collecting artifacts, and documenting remediation status. Support annual 3PAO assessment coordination: evidence collection, interview scheduling, assessor Q&A tracking, and findings remediation tracking in partnership with the VP, Federal Operations. Support significant change workflows: help determine compliance impact, document change narratives, update SSP appendices as required, and maintain change evidence for CONMON. Track training compliance for federal systems (Rules of Behavior acknowledgements, required awareness training completion) in coordination with People Ops and Security & IT. Serve as a primary day-to-day point of contact for internal stakeholders for FedRAMP evidence requests and compliance status updates; escalate risks and blockers to the VP, Federal Operations. Skills, Knowledge and Expertise 3+ years of experience in cybersecurity compliance, GRC, or operating regulated cloud environments (FedRAMP, DoD IL, CJIS, HIPAA, PCI, ISO 27001/42001, or similar). Demonstrated experience executing continuous monitoring or recurring compliance reporting programs (monthly cadence preferred). Working knowledge of NIST 800-53 and FedRAMP concepts (POA&M management, SSP/ATO artifact structure, assessment evidence expectations). Experience coordinating vulnerability remediation tracking and translating technical findings into compliance artifacts (tickets, evidence, milestones, risk language). Strong project management and organizational skills; ability to manage multiple deadlines and stakeholder inputs. Excellent communication skills for producing audit-ready narratives, status reports, and executive summaries. Comfort working with technical teams (Engineering, Security) to obtain evidence and validate remediation outcomes. Experience using common tooling for evidence and workflow tracking (Google Drive, Jira/Linear, spreadsheets, ticketing systems). Ability to manage confidential and sensitive cybersecurity information. Candidates must be able to meet government security clearance requirements as required for this role. Preferred Qualifications: Direct experience supporting a FedRAMP Moderate/High authorization, annual 3PAO assessment, or agency ATO process. Experience with SecondFront/Game Warden or other FedRAMP-adjacent platforms and inherited-control models. Familiarity with vulnerability scanning, SIEM/log review concepts, and secure SDLC evidence (SAST/DAST, threat modeling). Experience with evidence automation or compliance engineering approaches (repeatable evidence packets, templates, control mapping). Relevant certifications (e.g., Security+, SSCP, CISSP Associate, CAP, CISA, PMP).
Benefits
Medical, Dental, Vision, STD and LTD Plans FSA - Medical and Dependent Care EAP and wellness programs 13 Paid Holidays Unlimited PTO Flexible work environment - 100% remote 401(k) plan Apply To This Job